Product technical bulletin: IBM Security Network Intrusion Prevention System (GX), IBM QRadar Network Security (XGS) XPU 3906.06163 update

Bulletin summary
This update contains a total of 30 new intrusion detection signatures and recommends blocking 27 events.

Product: IBM Security Network Intrusion Prevention System (GX), IBM QRadar Network Security (XGS), all models

Version: 3906.06163
Update method
1. Users with Internet access can update directly through ManualUpgrader or the SiteProtector management interface.
2. Users without Internet access should download the update manually from http://ibmss.flexnetoperations.com/ and perform a manual update as described in the manual.
3. After updating, review the Policy in use, enable the newly added detection event signatures as appropriate, and apply the Policy to the relevant components.
New signatures
| ID | Signature name | Reference | Category | Risk level |
|---|---|---|---|---|
| 154895 | CompoundFile_Word_User_Disclosure | CVE-2019-0540 | Suspicious Activity | HIGH |
| 154897 | HTML_Meta_ProgID_Code_Exec | CVE-2019-0541 | Unauthorized Access Attempt | MEDIUM |
| 154917 | CompoundFile_Word_Macrobutton_Disclosure | CVE-2019-0561 | Suspicious Activity | HIGH |
| 156024 | HTTP_Cisco_Webex_URI_Exec | CVE-2019-1636 | Unauthorized Access Attempt | HIGH |
| 156024 | Script_Cisco_Webex_URI_Exec | CVE-2019-1636 | Unauthorized Access Attempt | HIGH |
| 157116 | HTTP_mIRC_URI_Exec | CVE-2019-6453 | Unauthorized Access Attempt | HIGH |
| 157116 | HTML_mIRC_URI_Exec | CVE-2019-6453 | Unauthorized Access Attempt | HIGH |
| 157116 | Script_mIRC_URI_Exec | CVE-2019-6453 | Unauthorized Access Attempt | HIGH |
| 158305 | VNC_Client_rfbFileTransfer_Text_Overflow | CVE-2019-8276 | Unauthorized Access Attempt | HIGH |
| 160050 | HTTP_Pimcore_Deserialization_Exec | CVE-2019-10867 | Unauthorized Access Attempt | HIGH |
| 160790 | PDF_Reader_Mem_Corruption_079 | CVE-2019-7764 | Suspicious Activity | MEDIUM |
| 160802 | PDF_Reader_Mem_Corruption_078 | CVE-2019-7777 | Suspicious Activity | HIGH |
| 160806 | PDF_Reader_Mem_Corruption_077 | CVE-2019-7783 | Suspicious Activity | MEDIUM |
| 160814 | PDF_Reader_Mem_Corruption_081 | CVE-2019-7792 | Suspicious Activity | MEDIUM |
| 160815 | PDF_Reader_Mem_Corruption_083 | CVE-2019-7793 | Suspicious Activity | MEDIUM |
| 160827 | PDF_Reader_Mem_Corruption_082 | CVE-2019-7806 | Suspicious Activity | MEDIUM |
| 160840 | PDF_Reader_Mem_Corruption_080 | CVE-2019-7823 | Suspicious Activity | HIGH |
| 160931 | HTTP_OPF_OpenProject_Sql_Injection | CVE-2019-11600 | Unauthorized Access Attempt | MEDIUM |
| 161936 | Script_IE_Memory_Corruption_199 | CVE-2019-0988 | Suspicious Activity | MEDIUM |
| 161937 | Script_Edge_Memory_Corruption_170 | CVE-2019-0989 | Suspicious Activity | HIGH |
| 161963 | Script_IE_Memory_Corruption_198 | CVE-2019-0920 | Suspicious Activity | HIGH |
| 161969 | PDF_Speech_API_Exec | CVE-2019-0985 | Unauthorized Access Attempt | HIGH |
| 161971 | Script_Edge_Info_Disclosure_005 | CVE-2019-0990 | Suspicious Activity | MEDIUM |
| 161975 | Script_Edge_Memory_Corruption_176 | CVE-2019-1002 | Suspicious Activity | HIGH |
| 161976 | Script_Edge_Memory_Corruption_171 | CVE-2019-1003 | Suspicious Activity | HIGH |
| 161977 | Script_Edge_Memory_Corruption_174 | CVE-2019-1005 | Suspicious Activity | HIGH |
| 161982 | Script_Edge_Memory_Corruption_173 | CVE-2019-1023 | Suspicious Activity | MEDIUM |
| 162001 | Script_Edge_Memory_Corruption_172 | CVE-2019-1052 | Suspicious Activity | HIGH |
| 162114 | Script_Edge_Memory_Corruption_175 | CVE-2019-1055 | Suspicious Activity | HIGH |
| 162240 | Swf_Flash_Player_Corruption_228 | CVE-2019-7845 | Suspicious Activity | MEDIUM |
Fixes and enhancements
1. Corrected a false positive in CSS_QuickTime_Font_Overflow triggered when line-height or font-size carries a floating-point value with many significant digits.
2. Mitigated a potential evasion technique in PDF documents processed by the Microsoft Speech API.
Blocking recommendations
Notes on event blocking (Block):
This XPU adds 27 blocked events to the default Policy. If you are not using the default Policy, modify your current Policy so that the following events are blocked when detected:
Git_Submodule_Malicious_SSH_Url
HTTP_Retadup_Trojan_CnC
BGP_Update_Size_Mismatch
Git_Submodule_Directory_Traversal
HTTP_Apache_ActiveMQ_QueueFilter_XSS
HTTP_PowerPool_Trojan_CnC
PDF_Foxit_PageNum_Uaf
DNS_PowerDNS_Hash_DoS
HTML_Meta_ProgID_Code_Exec
HTTP_Kubernetes_Dashboard_Auth_Bypass
HTTP_Cisco_Identity_LiveLogSettings_XSS
HTTP_Drupal_Core_Phar_Exec
HTTP_OpenMRS_Webservices_Exec
HTTP2_IIS_S
Other updates
Notes